ABSTRACT

In 2001, the world's largest oil production platform, off the coast of Brazil, sank after a series of
explosions. The accident claimed the lives of 11 crew members, and 1 of the 4 main support columns was affected
and crippled. The purpose of this case study is to learn from this engineering failure from the viewpoint of
engineering ethics, which covers the responsibility of an engineer to keep the people around safe and to care
for the environment.
I. INTRODUCTION

The P-36 (Petrobras P-36) accident in the Campos Basin, Brazil, is a case study of an offshore incident
involving a semi-submersible platform that sank on 14 March 2001. The platform was redesigned for Petrobras
from a previous design named 'Spirit of Columbus', and it was constructed between 1997 and 1999. In the
incident, two explosions occurred. Three elements of engineering failure led to the incident: operating,
maintenance and project design malfunctions [1]. Case study analyses of the failure have been made in [2-3],
but the accident did not involve the failure of lack of operation control. For this study, the explosion has
been analysed and, according to the analysis, a series of 3 key events triggered the accident and was followed
by a series of two explosions. A further analysis, of the sinking of P-36, also has a series of 3 key events.
The engineering ethics analysis made at the end of the study leads to the concrete conclusion of this case
study.

II. KEY EVENTS 

Three Key Events before Explosion: 

Frequent movements of water in the drains storage tank. 

• Storage of a large quantity of oily water in the drains storage tanks. (Operating procedures malfunction)

• Operating failure in the level indicators of the drains storage tank. (Maintenance procedures malfunction)

• Blockage of the open drain vessel. (Maintenance procedures malfunction)

Maintenance of the aft starboard drains storage tank.

• Isolation of the tank vent line without isolating the intake line. (Operating procedures malfunction)

Operation to empty the aft port side drains storage tank.

• Removal of water from the tank via the production header. (Operating procedures malfunction) 

• Operation carried out without management supervision. (Operating procedures malfunction) 

• Mechanical failure or incomplete closure of the starboard tank valve. (Maintenance / operating malfunction) 

Two Key Events of Explosion:

First explosion

• Inadequate classification of the area around the drains storage tank. (Project design malfunction)

Second explosion

• Ineffective communication system and coordination between the emergency response team and the platform
command. (Operating procedure malfunction)

Three Key Events After Explosion:

Flooding of the column and pontoon.

• Failure of the dampers of the column ventilation system. (Maintenance procedures malfunction)

• Manholes to aft starboard ballast tank and adjacent stability box left open. (Operating procedures
malfunction)

Admission of ballast water at the forward port side. 

• Ineffectiveness of the actions to control flooding. (Operating procedures malfunction)

• Insufficient personnel capability in emergency stability control. (Management system malfunction) 

• Two seawater pumps out of operation. (Maintenance procedures malfunction) 

Continuous Submersion of the Platform. 

• Aft starboard ballast tank and adjacent stability box left open. (Operating procedures malfunction)

III. MAJOR ISSUES SURROUNDING THE FAILURE 

Proximate Cause 

The main cause of this problem was a mixture of water, oil and gas that leaked into the closed
emergency drain tank. Near the tank, structural and operating elements served as contributors to this event,
which eventually ended in the sinking of the P-36.

Underlying Issues 

Focus on Cost-Cutting 

As a result of the focus on direct financial achievement, it was decided to design the emergency
drain tank into the support column, and also not to halt an awkward operation in order to investigate the
matter.

Poor Design 

The design placed the emergency drain tank indoors, within the support column and close to the sea water
service pipe used for fire-fighting. This created the opportunity for the major failure mode of this project
and was a major contributor to the disaster. A sea water fire-fighting system presents a risk of flooding if
its integrity is not protected. After the accident to the P-36, the Commission of Inquiry reported that placing
the emergency drain tank in the support column space is common practice for the industry but then have
fabricated form was introduced again in the future. Furthermore, there is no evidence of a risk or hazard
analysis before the decision was made to place an emergency drain tank involved in production operations
inside the support column, near the sea water service piping.

Other than that, there was no clear method to inform the operator that the pipes had burst and flooded the
column space. Lastly, 1,723 alarms sounded within 17 minutes of the bursting of the emergency drain tank and
the severe explosion. This happened because there was no system in place to prioritize incoming alarms or to
help the control operator handle a large number of alarms during the operation.

Component Failure 

Figs. 5 and 6 show that the system suffered multiple functional failures, as well as deficiencies in the
initial setup which was introduced as a guide [4-5]. Due to the delay in the drain pump of the port emergency
drain tank, fluid flow was inevitable and took approximately 1 hour. This fluid could flow through the leaking
valve of the closed emergency drain tank on the inner right side, which had no secondary protection in place
to prevent leakage. After the tank ruptured and the sea water pipes burst, the flooding caused the seawater
pump to short-circuit. The valve components (by their fail-set design) failed in the open position, after
which the uncontrolled flood inside the column began to flow freely. Although the choice of fail-set is not
necessarily to be presumed at fault, there was also no contingency system in place for controlling the flow
of sea water once the running pump had been short-circuited by the flood. In addition, the failure of the
watertight dampers in the ventilation system made the effects of the flooding more severe.
Fig. 5 Condition of component failure
Fig. 6 Condition of valve failure



Lack of Training and Communication 

Both the Commission of Investigation and the oil workers' association (FUP) registered a lack of training
content and procedures for addressing stability and ballast at critical times such as the actual events that
occurred. The Commission of Inquiry reported that when the stability tank and box were opened for inspection,
operators did not act in accordance with the procedures available for when a flood occurs.

Furthermore, no one closed the door seals that had been opened by the team of firefighters. In this case, the
FUP blames Petrobras for its use of subcontracted workers. Some say that 81 employees had been killed on
Petrobras job sites in the past three years, 66 of them subcontracted workers. FUP verified that the workers
have less practical training and that a number of them do not know about their right as workers to stop any
work being done in case of any mishap. Three days before the accident occurred, a manager of Petrobras, the
company in Brazil, appeared in a broadcast news bulletin in Brazil with the suggestion that the Petrobras oil
production centers should be closed to deal with the air pressure in the pipe, which could cause a flooding
accident from a remote emergency drain tank. The head of Petrobras's oil & gas department was not told about
the problems occurring at the place of the incident, but the investigation ordered by the President of
Petrobras (made a few days after the accident) found that this condition could be accepted on the basis that
there was no indication of involvement of criminal elements or intentional concealment of information about
the accident. Although this cannot demonstrate how the P-36 accident happened, FUP argues that it is
indicative of negligence in the management of safety.
IV. ENGINEERING FAILURE INVOLVED

The failures in engineering ethics involved in this accident happened because the air pressure in the
pipe was very high, which should be held partly occur isolated inner emergency drain tank. Both the
Commission of Inquiry and the oil workers noted a lack of training to deal with stability and ballast
emergencies. The Commission of Inquiry reported that when the stability tank and box were opened for
inspection, the operator did not make the employees comply with all engineering procedures. In addition, none
of the watertight seals opened by the team of firefighters were shut again. An engineering failure can be
seen in the watertight door not being closed and sealed properly. The FUP, for its part, tries to blame the
company Petrobras for the use of subcontracted workers and improper procedures. As for the main cause of the
engineering failure, the accident can likely be traced to a critical moment during the startup and operation
of the drains storage tank in the aft port space. The oily water inside the tank was to be pumped out to the
platform's production header, which receives the flow of oil and gas from the producing wells.

V. ANALYSIS OF ETHICAL LAPSES 

There are several ethical theories that will be considered in this case study:

Virtue Ethics as leader on operation

The main lesson that can be taken is that efficiency and performance evaluation cannot guarantee
safety; the industry needs to practise safe operation continuously. This shows the virtue ethics of someone
who is managing the operation. Virtues require competence in order to be successfully implemented through
virtuous actions. This character is important because it leads to control of part of the Operational Safety
Management System, by following the Act of Malaysian Safety and Health 1994, Section 20 / Section 21,
Preliminary Part V: General Duties of Designers, Manufacturers and Suppliers, as far as is practicable. The
purpose of this act was to:

• Ensure plant / materials are designed to be safe and without risk to health when used correctly.

• Arrange or carry out tests and inspections.

From the second point of the act, the Petrobras P-36 accident also illustrated that modifications must be
carefully analyzed for failure modes, even if the modifications have become common practice or industry
standards. As well, personnel must be trained and understand the components and equipment, especially fail-set
components that can affect operations in an emergency. So the designers and the operators must be well trained
before the equipment is used.

Virtue ethics: interested in determining what kind of people we should be

The ballast operator tried to correct the list by adding water to the port bow ballast tanks, opposite
the flooding column. The ballast and tank rooms were being flooded by water coming from the fourth floor of
the chamber through pipes. The attempts to correct the list with additional ballast in the port bow tanks were
made with the objective of ensuring the safe transfer of personnel.

Duty ethics 

Ethical actions are those that could be written down on a list of duties which express respect for persons,
express an unqualified regard for autonomous moral agents, and are universal principles. The procedure began
with emptying the port emergency drain tank (EDT). Operators in the central room tried to activate the platform
drain pump from that same room, but to no avail. Unnoticed by them, the pump could only be activated by an
actuator placed near the pump for safety reasons. Before the procedure was approved to run, the inlet pipe
valves of the two tanks should have been closed, and the drain line of the port tank should have been aligned
to the oil processing plant.

Environmental ethics 

An engineer should take responsibility for the part his technological inventions have played in
environmental damage, and should also try to find solutions to the problems caused by the introduction of
modern technology.

VI. CONCLUSION AND RECOMMENDATION 

The main reason for the sinking of the platform is the incorrect alignment of the EDT to the
production header instead of to the production caisson, permitting the initial entry of hydrocarbons into the
starboard EDT. This shows that the workers assigned to carry out the work took the procedure for granted.
The major lesson that can be learned from this accident is that efficiency and performance should not
supersede safety; in industry there is a need for the continuous pursuit of safe operations. This includes the
addition of redundancy where appropriate, and a system-engineering outlook to identify and prevent simultaneous
or cascading failures created by the proximity of critical parts and subsystems. The Petrobras P-36 accident
also illustrated that modifications must be carefully analyzed for failure modes, even if the modifications
have become common practice or industry standards. As well, personnel must be trained and understand the
components and equipment, especially fail-set components that can affect operations in an emergency. Last but
not least, the operators must be responsible for establishing a methodology to prioritize and focus response
in emergency situations. This includes incidents when multiple alarms could potentially be sounding
simultaneously or in a condensed period.